[1578] in Release_7.7_team
IRIX 6.2/6.3 OS update in dev cell
daemon@ATHENA.MIT.EDU (Robert A Basch)
Thu Dec 31 15:12:08 1998
To: rel-eng@MIT.EDU
Cc: release-team@MIT.EDU
Date: Thu, 31 Dec 1998 15:12:02 EST
From: Robert A Basch <rbasch@MIT.EDU>
I have updated the IRIX 6.[23] os and install read/write volumes in
the dev cell as follows:
sgi_62:
-------
- Installed patchSG0003143, containing fixes for the following:
o Bug #600678: Exploitable buffer overflow
o Bug #617404: Memory leak in xterm
- Installed patchSG0003163, containing fixes for the following:
o Buffer overflows in the Xaw library may provide an
exploitable security hole. (Bug #600686, #627441)
o Buffer overflows in the Xt library may provide an
exploitable security hole. (Bugs #600690, #609039,
#609104)
o Buffer overflows in the X11 library may provide an
exploitable security hole. (Bugs #607710, #608693,
#608806, #608998, #609085, #614197, #625464, #627631,
#628917, #628942)
o XtMalloc may be called in response to XtMalloc errors,
leading to a fatal recursion. (Bug #609236)
o Free of non-allocated memory in libX11. (Bug #615810)
o Buffer overflows in the Xmu library may provide an
exploitable security hole. (Bug #627136, #627543)
- Removed "whatsnew.registration", the on-line registration software
package; we don't want it, and it was reported to have a security
hole (!).
The following volumes will need to be released at the appropriate
time (mount points relative to /afs/dev/system/sgi_62/):
Name Mount
---- -----
system.sgi_62.os os
system.sgi_62.usr os/usr
system.sgi_62.lib os/usr/lib
system.sgi_62.share os/usr/share
system.sgi_62.debug os/usr/lib/debug
system.sgi_62.lib32 os/usr/lib32
system.sgi_62.sbin os/usr/sbin
system.sgi_62.perf os/usr/share/Performer
system.sgi_62.inst install
sgi_63:
-------
- Installed patchSG0003144, containing fixes for the following:
o Bug #600678: Exploitable buffer overflow
o Bug #617404: Memory leak in xterm
- Installed patchSG0003164, containing fixes for the following:
o XInternAtom fix for the N32 version of libX11.so (Bug
#353344)
The call to XInternAtom passing a non-existent atom
generates an X request with a length of -1. This
causes and X Bad Length error and a subsequent crash of
the application.
o XCreateIC leaks memory. (Bug #439052)
o dlopen("libXt.so", RTLD_NOW) results in a fatal runtime
error, with an unresolved external symbol
SgCvtCreateConversionContext. (Bug #433544)
o Can not input cns2 characters on big5 environment. (Bug
#458895)
o bitmap: disappearing when selecting "Change Size..." in
Japanese locale. (Bug #459606)
o Incorrect contents for i18n X support of latin2 and
ru_RU.KOI8 (Bug #461010)
o Patch 1833 has problems (Bug #478400)
o Applications which generate signals such as SIGARLM may
lose connection to IM server. (Bug #488823)
o Security vulnerability in libXt (Bug #493564)
o Buffer overflow allows unprivileged users to get root
access through setuid X programs. (Bug #495591)
o Buffer overflows possible in libX11
internationalization code. (Bug #496885)
o Potential buffer overflow in XGetErrorDatabaseText.
(Bug #518036)
o Buffer overflows in the Xaw library may provide an
exploitable security hole. (Bug #600686, #627441)
o Buffer overflows in the Xt library may provide an
exploitable security hole. (Bugs #600690, #609039,
#609104)
o Buffer overflows in the X11 library may provide an
exploitable security hole. (Bugs #607710, #608693,
#608806, #608998, #609085, #614197, #625464, #627631,
#628917, #628942)
o XtMalloc may be called in response to XtMalloc errors,
leading to a fatal recursion. (Bug #609236)
o Free of non-allocated memory in libX11. (Bug #615810)
o Buffer overflows in the Xmu library may provide an
exploitable security hole. (Bug #627136, #627543)
- Removed "Register", the 6.3 version of the on-line registration
software package.
The following volumes will need to be released at the appropriate
time (mount points relative to /afs/dev/system/sgi_63/):
Name Mount
---- -----
system.sgi_63.os os
system.sgi_63.usr os/usr
system.sgi_63.lib os/usr/lib
system.sgi_63.debug os/usr/lib/debug
system.sgi_63.swins os/usr/lib/SoftWindows
system.sgi_63.share os/usr/share
system.sgi_63.demos os/usr/demos
system.sgi_63.lib32 os/usr/lib32
system.sgi_63.lib64 os/usr/lib64
system.sgi_63.prodev os/usr/ProDev
system.sgi_63.inst install